net/base/cert_verify_proc_openssl.cc - Issue 10855168: Rename X509Certificate::VerifyFlags to CertVerifier::VerifyFlags

Side by Side Diff: net/base/cert_verify_proc_openssl.cc

Issue 10855168: Rename X509Certificate::VerifyFlags to CertVerifier::VerifyFlags (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Compile fix Created 8 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/base/cert_verify_proc_openssl.h"	5 #include "net/base/cert_verify_proc_openssl.h"

6	6

7 #include <openssl/x509v3.h>	7 #include <openssl/x509v3.h>

8	8

9 #include "base/logging.h"	9 #include "base/logging.h"

10 #include "base/sha1.h"	10 #include "base/sha1.h"

11 #include "crypto/openssl_util.h"	11 #include "crypto/openssl_util.h"

12 #include "net/base/asn1_util.h"	12 #include "net/base/asn1_util.h"

13 #include "net/base/cert_status_flags.h"	13 #include "net/base/cert_status_flags.h"

	14 #include "net/base/cert_verifier.h"
	wtc 2012/08/15 22:44:03 This file doesn't seem to need to include this hea This file doesn't seem to need to include this header because it isn't using CertVerify::VERIFY_xxx. See my comment about the "int flags" argument below. Ryan Sleevi 2012/08/15 23:07:05 Good catch, removed. Show quoted text On 2012/08/15 22:44:03, wtc wrote: > > This file doesn't seem to need to include this header because > it isn't using CertVerify::VERIFY_xxx. See my comment about > the "int flags" argument below. Good catch, removed.
14 #include "net/base/cert_verify_result.h"	15 #include "net/base/cert_verify_result.h"

15 #include "net/base/net_errors.h"	16 #include "net/base/net_errors.h"

16 #include "net/base/x509_certificate.h"	17 #include "net/base/x509_certificate.h"

17	18

18 #if defined(OS_ANDROID)	19 #if defined(OS_ANDROID)

19 #include "net/android/network_library.h"	20 #include "net/android/network_library.h"

20 #endif	21 #endif

21	22

22 namespace net {	23 namespace net {

23	24

(...skipping 175 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
199 #endif // defined(OS_ANDROID)	200 #endif // defined(OS_ANDROID)

200	201

201 } // namespace	202 } // namespace

202	203

203 CertVerifyProcOpenSSL::CertVerifyProcOpenSSL() {}	204 CertVerifyProcOpenSSL::CertVerifyProcOpenSSL() {}

204	205

205 CertVerifyProcOpenSSL::~CertVerifyProcOpenSSL() {}	206 CertVerifyProcOpenSSL::~CertVerifyProcOpenSSL() {}

206	207

207 int CertVerifyProcOpenSSL::VerifyInternal(X509Certificate* cert,	208 int CertVerifyProcOpenSSL::VerifyInternal(X509Certificate* cert,

208 const std::string& hostname,	209 const std::string& hostname,

209 int flags,	210 int flags,
	wtc 2012/08/15 22:44:03 I found that this function ignores the \|flags\| arg I found that this function ignores the \|flags\| argument. This seems problematic. Ryan Sleevi 2012/08/15 23:07:05 The Android function lacks any ability to convert Show quoted text On 2012/08/15 22:44:03, wtc wrote: > > I found that this function ignores the \|flags\| argument. > This seems problematic. The Android function lacks any ability to convert flags to something the JNI side can use. Thus it's entirely dependent on the trust manager. Note that, because of this, we also don't support EV on Android.
210 CRLSet* crl_set,	211 CRLSet* crl_set,

211 CertVerifyResult* verify_result) {	212 CertVerifyResult* verify_result) {

212 crypto::EnsureOpenSSLInit();	213 crypto::EnsureOpenSSLInit();

213	214

214 if (!cert->VerifyNameMatch(hostname))	215 if (!cert->VerifyNameMatch(hostname))

215 verify_result->cert_status \|= CERT_STATUS_COMMON_NAME_INVALID;	216 verify_result->cert_status \|= CERT_STATUS_COMMON_NAME_INVALID;

216	217

217 bool verify_attempted = false;	218 bool verify_attempted = false;

218	219

219 #if defined(OS_ANDROID)	220 #if defined(OS_ANDROID)

(...skipping 48 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
268 // TODO(joth): if the motivations described in	269 // TODO(joth): if the motivations described in

269 // http://src.chromium.org/viewvc/chrome?view=rev&revision=80778 become an	270 // http://src.chromium.org/viewvc/chrome?view=rev&revision=80778 become an

270 // issue on OpenSSL builds, we will need to embed a hardcoded list of well	271 // issue on OpenSSL builds, we will need to embed a hardcoded list of well

271 // known root CAs, as per the _mac and _win versions.	272 // known root CAs, as per the _mac and _win versions.

272 verify_result->is_issued_by_known_root = true;	273 verify_result->is_issued_by_known_root = true;

273	274

274 return OK;	275 return OK;

275 }	276 }

276	277

277 } // namespace net	278 } // namespace net

OLD	NEW

« no previous file with comments | « net/base/cert_verify_proc_nss.cc ('k') | net/base/cert_verify_proc_unittest.cc » ('j') | no next file with comments »